Forest

deleted

@f3v3r , You need to import the ps module using ‘Import-module SharpHound.ps1’.

Need help regarding the actual user shell.
I’ve obtained a username and a password, but I’ve tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I’m really close, but missing something silly

Absolutely amazing box! message me for help!

Type your comment> @LeonardLeonard said:

Need help regarding the actual user shell.
I’ve obtained a username and a password, but I’ve tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I’m really close, but missing something silly

re-enum :slight_smile: there is something

Type your comment> @LeonardLeonard said:

Need help regarding the actual user shell.
I’ve obtained a username and a password, but I’ve tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I’m really close, but missing something silly

If you don’t know the tool you will never find this, check @mcruz comment on the previous page

I did not need to use that dog tool to get root. PTH’ in the house. Going to work on learning a little more. It sounds like this is the perfect time to set up that Windows Vm to learn working with that other tool so I will be do that as well. Thanks to the creators. Shout out to @egre55 who is probably my favorite box maker.

Without a doubt the hardest one I’ve done so far. Very little experience with windows. Needed alot of help with this one, but hopefully I learned something. Did not even have fun with this box, since there were only a few things I figured out by myself and not looking at some tutorial or asking someone on the forum. Thanks to all those who helped.

why is my evil program not working? but msf module can log in with creds? same for msf module on RCE that wont connect either?

Normally don’t comment. Really stuck on this one… Used nmap sb**u**s.ne to get users. Not sure if I’m missing some or what, but I can’t get the impacket scripts to work without passwords. Banging my head against the wall.

EDIT: Was totally missing users. All good now.

Got user. Could anybody give me some hints on root? That drives me nearly crazy. Plz PM me.

@IdeaEngine007 i did that .

Type your comment> @suls said:

Type your comment> @LeonardLeonard said:

Need help regarding the actual user shell.
I’ve obtained a username and a password, but I’ve tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I’m really close, but missing something silly

If you don’t know the tool you will never find this, check @mcruz comment on the previous page

I did see it previously, but I couldn’t figure out what “EVIL” meant

EDIT: Nevermind, found it. But now I’m confused as to why all my other tools failed. What made this tool special?

Root Is driving me crazy. I used S*****d and gives me a path throught a user xn that does not exists. Is this Path even right?

Spoiler Removed

@Nikolay167, specify the complete path of the ps file.

My bad for the incomplete info :confused:

Spoiler Removed

Spoiler Removed

can anyone help me with the very last step of root?

@Nikolay167 said:

So after launching that command youhad zip file? Or you did something extra for it ?

Run as import-module .\filename.ps1 (do not forget the dot+backslash).

To run SH succesfully go to BH wiki page and add some more parameters to Invoke-B***